Crypto Trader Suffers $50 million Loss Following Address Poisoning Attack

A cryptocurrency trader lost approximately $50 million in Tether's USDT after being tricked by a sophisticated address poisoning attack. The scheme was initiated when the victim sent a small test transaction, which an attacker's script detected. The attacker then generated a spoofed wallet address that closely matched the victim's intended address, differing only in the middle characters. The attacker sent a negligible amount of crypto from this fake address, causing it to appear in the victim's recent transaction history, where wallet interfaces often display only truncated addresses. The victim copied this fraudulent address, sending nearly $50 million to the attacker instead of their secure wallet. The attacker quickly swapped the USDT for DAI, then converted it to approximately 16,680 ETH, which was subsequently deposited into Tornado Cash to obscure the trail. In response, the victim offered a $1 million white-hat bounty for the return of 98% of the funds, warning the attacker of relentless legal action if they did not comply within 48 hours. The incident highlights a persistent security risk stemming from wallet providers abbreviating long address strings, exploiting user behavior rather than blockchain code flaws.

(Source：BeInCrypto)